For the ORT project, we construct a dependency tree for Gradle projects using the following init script with the model() function of the GradleConnector.
When building the dependency tree, we build purls for every package. However, when a project depends on the subproject of an included build (example here), our script cannot construct purl for the subproject because the TAPI does not deliver enough information about the included builds, such as the subproject group id and version id.
Yes, we can use project.gradle.getIncludedBuilds() but this gives us only the included build name and project directory.
We workaround this issue by using the internal API to access included build model (inspiration comes from here).
This works but, of course, relying on the internal API is awful and we start getting issue with people running ORT to analyze projects with older versions of Gradle, such a 6.9 where the getTarget() function didn’t exist.
So the questions are: is it possible to access included build model with the public API ?
If not, what speaks again changing the public API to support it ?
Some comments from the Internet suggest this is not possible for model(), however using the connector action() function is not a solution for us, since this would mean discarding our initialization script altogether.
Thanks in advance for any help or suggestion.